CVE-2006-3229

Name of the Vulnerable Software and Affected Versions Open WebMail versions prior to 2.52, specifically those released before 05/12/2006

Description A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the To and From fields in openwebmail-main.pl, and possibly other unspecified vectors related to openwebmail error calls that need to display HTML.

Recommendations For Open WebMail versions prior to 2.52, consider updating to a version released after 05/12/2006 to resolve the issue. As a temporary workaround, restrict input in the To and From fields to minimize the risk of exploitation.